23-year-old gets his hands on 4 million Pirate Bay accounts

Mark Raby, 8th July 2010

A 23-year-old hacker was able to find a vulnerability in the database of file-sharing giant Pirate Bay, accessing millions of private e-mail addresses and passwords.
Krebsonsecurity.com reports that an Argentinian man named Ch Russo, along with two others, were able to break into Pirate Bay's SQL database, allowing them to see every single user, their complete history of file uploads, and personal contact information.

Russo did not change anyone's information, though he could have because he had complete and total unfettered access.

The information is exactly what organizations like the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) are trying to get their hands on. Both of those trade groups have sued Pirate Bay but to no avail.

"Probably these groups would be very interested in this information, but we are not [trying] to sell it. Instead we wanted to tell people that their information may not be so well protected," said Russo.

The original story's author, Brian Krebs, confirmed that Russo was able to correctly find his user name and password. Russo iterated that he also had access to all Pirate Bay administrative accounts.

At no point did Pirate Bay comment on the data hack, but Krebs says that the vulnerability has since been fixed.